Strategies to Mitigate Cyber Security Incidents

Replaces Strategies to Mitigate Targeted Cyber Intrusions as of February 2017

The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help technical cyber security professionals in all organisations mitigate cyber security incidents. This guidance addresses targeted cyber intrusions, ransomware and external adversaries with destructive intent, malicious insiders, 'business email compromise' and industrial control systems.

This guidance is informed by ASD's experience responding to cyber security incidents and performing vulnerability assessments and penetration testing Australian government organisations.

No single mitigation strategy is guaranteed to prevent cyber security incidents. At least 85% of the adversary techniques used in targeted cyber intrusions which ASD has visibility of could be mitigated by implementing the following mitigation strategies, referred to as the 'Top 4':

These Top 4 mitigation strategies for targeted cyber intrusions are mandatory for Australian Government organisations as of April 2013.

Incorporating the Top 4, the eight mitigation strategies with an 'essential' rating are so effective at mitigating targeted cyber intrusions and ransomware that ASD considers them to be the cyber security baseline for all organisations. Any organisation that has been compromised despite properly implementing these mitigation strategies is encouraged to notify ASD.

ASD's Australian Government Information Security Manual (ISM) provides supporting guidance. ASD also has separate and specific guidance for mitigating denial of service, securely using cloud computing and enterprise mobility, including personally-owned computing devices.

Strategies to Mitigate Cyber Security Incidents
Primary Guidance

Essential Eight Explained

Overview of the Top 4

Additional Guidance

Mitigation strategies to prevent malware delivery and execution

Mitigation strategies to limit the extent of cyber security incidents

Mitigation strategies to detect cyber security incidents and respond